CVSS: 4.3EPSS: 1%CPEs: 10EXPL: 3CVE-2004-2402
https://notcve.org/view.php?id=CVE-2004-2402
Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect. • http://archives.neohapsis.com/archives/bugtraq/2004-09/0227.html http://secunia.com/advisories/12593 http://www.osvdb.org/10242 http://www.securityfocus.com/bid/11215 https://exchange.xforce.ibmcloud.com/vulnerabilities/17452 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 2CVE-2004-2754 – YABB SE 1.x - 'SSI.php' ID_MEMBER SQL Injection
https://notcve.org/view.php?id=CVE-2004-2754
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions. • https://www.exploit-db.com/exploits/23554 http://securityreason.com/securityalert/3371 http://sourceforge.net/project/shownotes.php?release_id=210608&group_id=57105 http://www.osvdb.org/3618 http://www.securityfocus.com/archive/1/350244 http://www.securityfocus.com/bid/9449 http://www.securitytracker.com/id?1008764 http://www.yabbse.org/community/index.php?thread=27122 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2139
https://notcve.org/view.php?id=CVE-2004-2139
Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl. • http://secunia.com/advisories/12609 http://www.osvdb.org/10222 http://www.securityfocus.com/bid/11235 http://www.yabbforum.com/community/YaBB.pl?board=general%3Baction=display%3Bnum=1093133233 https://exchange.xforce.ibmcloud.com/vulnerabilities/17459 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2004-2140
https://notcve.org/view.php?id=CVE-2004-2140
CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable. • http://secunia.com/advisories/12609 http://www.yabbforum.com/community/YaBB.pl?board=general%3Baction=display%3Bnum=1093133233 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2004-1662
https://notcve.org/view.php?id=CVE-2004-1662
YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message. • http://echo.or.id/adv/adv05-y3dips-2004.txt http://marc.info/?l=bugtraq&m=109441750900432&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/17267 •